Bug#824078: libdvd-pkg: fails to report "apt-get check" errors (and others) correctly

[Cyril Brulebois]

Package: libdvd-pkg
Version: 1.4.0-1-1
Severity: important

Hi,

While working on Tails, it was noticed that our reproducible build
attempts were failing due to some missing packages. Investigating led to
our apt-get wrapper missing support for the 'check' action. So far,
nothing to worry on your side.

But our wrapper specifically exited with '1' in that case, and it seemed
strange that debian/b-i_libdvdcss.sh didn't catch that. Looking at its
code:
| apt-get check >/dev/null 2>&1
| if [ "$?" -ne 0 ]; then
|     echo "${PKGI}: \`apt-get check\` failed, you may have broken packages. Aborting..."
|     exit 0
| fi

This doesn't seem reasonable. I would suggest storing the return value
e.g. with "ret=$?", and using "exit $ret" so that this return value is
propagated. If propagating this return value isn't deemed interesting,
please at least "exit 1".

The same seems to be true for the dpkg lock check:
| dpkg -i /dev/zero 2>/dev/null
| if [ "$?" -eq 2 ]; then
|     echo "${PKGI}: dpkg database is locked. You may need to use command \"sudo dpkg-reconfigure ${PKGI}\"."
|     if [ -h "/etc/apt/apt.conf.d/${P88}" ]; then
|         echo "${PKGI}: Building and installation of package(s) [${PKGG_ALL}] postponed till after next APT operation."
|     fi
|     exit 0
| fi

This "exit 0" seems bogus as well.

The final "dpkg && touch || echo" also means we're getting echo's return
value (likely 0…) instead of an error when reaching this codepath. You
may want to be using something like:
|    …
|    || { echo "error message"; exit 1; }

or an "if" construct, to get in line with what's done earlier in the
script, before "set -e" was put into place.

Thanks for considering.


KiBi.